Use Let's Encrypt with HipChat Server

by GLiNTECH

It is best practice to use SSL and HTTPS to secure communications between your users and your website and avoid the potential security risk that unencrypted traffic poses. HipChat Server ships with a "self-signed" certificate, requiring you to arrange and install your own "trusted" certificate. A trusted certificate would usually require you to contact a Certificate Authority and paying an annual fee. By using Let's Encrypt, you can generate a free, trusted SSL certificate to provide encrypted communications between your users and HipChat. Best of all, we can set the certificate to automatically renew before it expires.

HipChat Server

HipChat Server offers a self-signed certificate out of the box. This is great for testing your configuration but not so great once your want to start using HipChat in production within your organisation. You can update the SSL certificate used by your HipChat instance by going to "Server Admin" and clicking "SSL".

Even if you use Let's Encrypt to generate the certificate on your local machine and pasted the details into this window, you would run into two problems here:

Let's Encrypt certificates are only valid for 90 days from when they are issued

You have to go through a manual process of checking if they're up for renewal and updating the SSL details in HipChat.

The .ova virtual machine that HipChat Server ships on doesn't play nicely with the "letsencrypt" package that you would use on a normal server.